package com.qiwibonus.model.repository.pinning;

import android.util.Base64;
import android.util.Log;
import androidx.lifecycle.MutableLiveData;
import com.qiwibonus.App;
import com.qiwibonus.di.LocalScope;
import com.qiwibonus.model.data.pinning.QiwiXMLParser;
import com.qiwibonus.model.data.server.PinningApi;
import com.qiwibonus.model.data.storage.AppPrefs;
import com.qiwibonus.model.repository.pinning.PinningProvider;
import com.qiwibonus.model.system.pining.SslUtils;
import io.fabric.sdk.android.services.common.CommonUtils;
import io.reactivex.android.schedulers.AndroidSchedulers;
import io.reactivex.functions.Consumer;
import io.reactivex.schedulers.Schedulers;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import javax.inject.Inject;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.io.ByteStreamsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import okhttp3.CertificatePinner;
import okhttp3.ResponseBody;

/* compiled from: PinningProvider.kt */
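/**
 * Maintains the app's locally stored certificate set and exposes it as a trust store.
 *
 * <p>Flow visible in this class: {@link #refreshCerts} fetches a certificate list through
 * {@link PinningApi#getCertsPath()}, parses it with {@link QiwiXMLParser}, compares its SHA-256 with
 * the value saved in {@link AppPrefs}, and on a change downloads every listed certificate from
 * {@code https://update-security1.qiwi.com/cert/<name>} into the keystore managed by
 * {@link SslUtils}. {@link #getPinnedCerts()} then builds an {@link SSLSocketFactory} and
 * {@link X509TrustManager} backed by that keystore only.
 *
 * <p>NOTE(review): every downloaded certificate becomes a trust anchor. Nothing in this class
 * verifies the list or the certificates against a value shipped with the app (embedded pin,
 * signature). Whether the HTTP client behind {@link PinningApi} or
 * {@code SslUtils.addCertToStore} performs such a check is not visible here and should be
 * confirmed; otherwise the update channel is only as strong as ordinary CA validation.
 */
@LocalScope
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000j\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0007\u0018\u00002\u00020\u0001:\u0002'(B\u000f\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eH\u0002J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\u0010\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u0014\u001a\u00020\u0015H\u0002J\u0018\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\f2\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\u001e\u0010\u001b\u001a\u00020\u00172\f\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\f0\u001d2\u0006\u0010\u001e\u001a\u00020\u001fH\u0002J\u0016\u0010 \u001a\b\u0012\u0004\u0012\u00020!0\u001d2\u0006\u0010\u0014\u001a\u00020\u0015H\u0002J\n\u0010\"\u001a\u0004\u0018\u00010\u0015H\u0002J\b\u0010#\u001a\u0004\u0018\u00010$J\u0006\u0010%\u001a\u00020\tJ\u0010\u0010&\u001a\u00020\u00172\u0006\u0010\u001e\u001a\u00020\u001fH\u0007R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006R\u0017\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\t0\b¢\u0006\b\n\u0000\u001a\u0004\b\u0007\u0010\n¨\u0006)"}, d2 = {"Lcom/qiwibonus/model/repository/pinning/PinningProvider;", "", "api", "Lcom/qiwibonus/model/data/server/PinningApi;", "(Lcom/qiwibonus/model/data/server/PinningApi;)V", "getApi", "()Lcom/qiwibonus/model/data/server/PinningApi;", "isRefreshingCerts", "Landroidx/lifecycle/MutableLiveData;", "", "()Landroidx/lifecycle/MutableLiveData;", 
"calculateSHA256", "", "inputStream", "Ljava/io/InputStream;", "createSSLContext", "Ljavax/net/ssl/SSLContext;", "tmf", "Ljavax/net/ssl/TrustManagerFactory;", "createTrustManagerFactory", "keyStore", "Ljava/security/KeyStore;", "downloadCert", "", "certPath", "downloaded", "Lcom/qiwibonus/model/repository/pinning/PinningProvider$Downloaded;", "downloadCerts", "certNames", "", "certificatesUpdated", "Lcom/qiwibonus/model/repository/pinning/PinningProvider$CertificatesUpdated;", "getCertificatesFromKeystore", "Lcom/qiwibonus/model/repository/pinning/QiwiCertificate;", "getKeyStore", "getPinnedCerts", "Lcom/qiwibonus/model/repository/pinning/PinnedTrustStore;", "isHaveCerts", "refreshCerts", "CertificatesUpdated", "Downloaded", "app_release"}, k = 1, mv = {1, 1, 16})
/* loaded from: classes.dex */
public final class PinningProvider {
    // Remote API used for the certificate list and for each certificate download.
    private final PinningApi api;
    // True while a refresh is in flight. Written with postValue(), so getValue() can lag behind.
    private final MutableLiveData<Boolean> isRefreshingCerts;

    /** Callback reporting the outcome of a certificate refresh. */
    /* compiled from: PinningProvider.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\bf\u0018\u00002\u00020\u0001J\b\u0010\u0002\u001a\u00020\u0003H&J\b\u0010\u0004\u001a\u00020\u0003H&¨\u0006\u0005"}, d2 = {"Lcom/qiwibonus/model/repository/pinning/PinningProvider$CertificatesUpdated;", "", "updateError", "", "updated", "app_release"}, k = 1, mv = {1, 1, 16})
    /* loaded from: classes.dex */
    public interface CertificatesUpdated {
        /**
         * Called when the refresh did not store a new certificate set. In this class that covers
         * request failures and also the "list unchanged" case.
         */
        void updateError();

        /** Called once every listed certificate has been downloaded and handed to the keystore. */
        void updated();
    }

    /** Callback for a single certificate download. */
    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: PinningProvider.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0018\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\bb\u0018\u00002\u00020\u0001J\u0010\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u0005H&J\b\u0010\u0006\u001a\u00020\u0003H&¨\u0006\u0007"}, d2 = {"Lcom/qiwibonus/model/repository/pinning/PinningProvider$Downloaded;", "", "done", "", "inputStream", "Ljava/io/InputStream;", "error", "app_release"}, k = 1, mv = {1, 1, 16})
    /* loaded from: classes.dex */
    public interface Downloaded {
        /** Receives the response body stream of a completed download. */
        void done(InputStream inputStream);

        /** Called when the download request failed. */
        void error();
    }

    /**
     * Stores the API and immediately starts a certificate refresh whose result is only logged.
     *
     * @param api remote API used to fetch the certificate list and the certificates
     */
    @Inject
    public PinningProvider(PinningApi api) {
        Intrinsics.checkParameterIsNotNull(api, "api");
        this.api = api;
        this.isRefreshingCerts = new MutableLiveData<>();
        this.isRefreshingCerts.postValue(false);
        refreshCerts(new CertificatesUpdated() {
            @Override
            public void updateError() {
                Log.e(PinningProviderKt.TAG, "certs not updated on init");
            }

            @Override
            public void updated() {
                Log.d(PinningProviderKt.TAG, "certs success updated on init");
            }
        });
    }

    /**
     * Returns the lowercase hex SHA-256 of everything that can still be read from the stream.
     *
     * @param inputStream stream to hash; it is read to the end
     * @return 64-character lowercase hex digest
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final String calculateSHA256(InputStream inputStream) {
        MessageDigest sha256 = MessageDigest.getInstance(CommonUtils.SHA256_INSTANCE);
        // Hash the whole buffer in one call instead of feeding the digest byte by byte.
        byte[] digest = sha256.digest(ByteStreamsKt.readBytes(inputStream));
        // A single builder avoids re-copying the growing string for every digest byte.
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Creates a "TLS" context that trusts only what the given factory's trust managers accept. */
    private final SSLContext createSSLContext(TrustManagerFactory tmf) {
        SSLContext context = SSLContext.getInstance("TLS");
        // No client key managers and the default SecureRandom; only the trust side is customised.
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    /** Builds a default-algorithm trust manager factory initialised from {@code keyStore}. */
    private final TrustManagerFactory createTrustManagerFactory(KeyStore keyStore) {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        return factory;
    }

    /**
     * Downloads one certificate and forwards the body stream or the failure to {@code downloaded}.
     * The request is subscribed on the io scheduler; both callbacks are observed on the main thread.
     */
    private final void downloadCert(String certPath, final Downloaded downloaded) {
        this.api.downloadCert(certPath).observeOn(AndroidSchedulers.mainThread()).subscribeOn(Schedulers.io()).subscribe(new Consumer<ResponseBody>() {
            @Override
            public final void accept(ResponseBody responseBody) {
                // NOTE(review): the body is not closed here; confirm the consumer closes the stream.
                downloaded.done(responseBody.byteStream());
            }
        }, new Consumer<Throwable>() {
            @Override
            public final void accept(Throwable th) {
                downloaded.error();
                Log.e(PinningProviderKt.TAG, "refreshCerts", th);
            }
        });
    }

    /**
     * Downloads every named certificate into the keystore and reports the overall result.
     *
     * <p>{@code updated()} fires after the last successful download; {@code updateError()} fires
     * once, on the first failed download or when the list is empty.
     *
     * @param certNames file names appended to the fixed certificate base URL
     * @param certificatesUpdated receiver of the overall result
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final void downloadCerts(List<String> certNames, final CertificatesUpdated certificatesUpdated) {
        final KeyStore keyStore = SslUtils.INSTANCE.getKeyStore(App.INSTANCE.applicationContext());
        Log.d(PinningProviderKt.TAG, "start download certs");
        if (certNames.isEmpty()) {
            // With nothing to download no callback would ever fire and the caller's refreshing
            // flag would stay set, so report the empty list as a failed update instead.
            Log.e(PinningProviderKt.TAG, "cert list is empty, nothing to download");
            certificatesUpdated.updateError();
            return;
        }
        final Ref.IntRef remaining = new Ref.IntRef();
        remaining.element = certNames.size();
        final Ref.BooleanRef failed = new Ref.BooleanRef();
        failed.element = false;
        for (String certName : certNames) {
            if (failed.element) {
                return;
            }
            downloadCert("https://update-security1.qiwi.com/cert/" + certName, new Downloaded() {
                @Override
                public void done(InputStream inputStream) {
                    Intrinsics.checkParameterIsNotNull(inputStream, "inputStream");
                    // NOTE(review): a certificate is still added after another download has
                    // failed, so a failed refresh can leave a partially updated keystore.
                    SslUtils.INSTANCE.addCertToStore(keyStore, inputStream, App.INSTANCE.applicationContext());
                    remaining.element--;
                    if (remaining.element == 0) {
                        Log.d(PinningProviderKt.TAG, "all certs are downloaded success");
                        certificatesUpdated.updated();
                    }
                }

                @Override
                public void error() {
                    if (failed.element) {
                        return;
                    }
                    certificatesUpdated.updateError();
                    failed.element = true;
                }
            });
        }
    }

    /**
     * Converts every keystore entry into a {@link QiwiCertificate} wrapping an OkHttp pinner that
     * pins the entry's public key ({@code sha256/<base64 of SHA-256 over the encoded key>}) for the
     * pattern {@code *.qiwi.com}. Entries whose key has no encoded form are skipped.
     */
    private final List<QiwiCertificate> getCertificatesFromKeystore(KeyStore keyStore) {
        Enumeration<String> aliases = keyStore.aliases();
        List<QiwiCertificate> pinned = new ArrayList<>();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (alias == null) {
                throw new TypeCastException("null cannot be cast to non-null type kotlin.String");
            }
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            PublicKey publicKey = ((X509Certificate) certificate).getPublicKey();
            Intrinsics.checkExpressionValueIsNotNull(publicKey, "certificate.publicKey");
            byte[] encodedKey = publicKey.getEncoded();
            if (encodedKey == null) {
                continue;
            }
            byte[] keyHash = MessageDigest.getInstance(CommonUtils.SHA256_INSTANCE).digest(encodedKey);
            String pin = "sha256/" + Base64.encodeToString(keyHash, Base64.NO_WRAP);
            pinned.add(new QiwiCertificate(new CertificatePinner.Builder().add("*.qiwi.com", pin).build()));
        }
        return pinned;
    }

    /** Returns the keystore provided by {@link SslUtils} for the application context. */
    private final KeyStore getKeyStore() {
        return SslUtils.INSTANCE.getKeyStore(App.INSTANCE.applicationContext());
    }

    /** Returns the API passed to the constructor. */
    public final PinningApi getApi() {
        return this.api;
    }

    /**
     * Builds the socket factory and trust manager backed by the stored certificates.
     *
     * @return the trust store, or {@code null} when no keystore is available
     */
    public final PinnedTrustStore getPinnedCerts() {
        KeyStore keyStore = getKeyStore();
        if (keyStore == null) {
            return null;
        }
        TrustManagerFactory factory = createTrustManagerFactory(keyStore);
        SSLSocketFactory socketFactory = createSSLContext(factory).getSocketFactory();
        // Only the first trust manager is used; it is cast without an instanceof check.
        TrustManager first = factory.getTrustManagers()[0];
        if (first == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        }
        return new PinnedTrustStore(socketFactory, (X509TrustManager) first);
    }

    /**
     * Reports whether the keystore holds a non-empty certificate set whose size equals the size
     * recorded in {@link AppPrefs}.
     *
     * <p>Side effect: when the sizes differ (or prefs are unavailable) the keystore is removed and
     * the saved list hash is cleared.
     */
    public final boolean isHaveCerts() {
        KeyStore keyStore = getKeyStore();
        if (keyStore == null) {
            return false;
        }
        List<QiwiCertificate> stored = getCertificatesFromKeystore(keyStore);
        AppPrefs prefs = App.INSTANCE.getPrefs();
        if (prefs == null || stored.size() != prefs.getLastSavedCertListSize()) {
            // Stored set does not match what was last recorded: drop it and forget the saved hash.
            SslUtils.INSTANCE.removeKeystore(App.INSTANCE.applicationContext());
            AppPrefs prefsForReset = App.INSTANCE.getPrefs();
            if (prefsForReset != null) {
                prefsForReset.setLastSavedCertListSHA256((String) null);
            }
        }
        if (stored.isEmpty()) {
            return false;
        }
        AppPrefs prefsForCheck = App.INSTANCE.getPrefs();
        return prefsForCheck != null && stored.size() == prefsForCheck.getLastSavedCertListSize();
    }

    /** Returns the observable flag that is true while a refresh is running. */
    public final MutableLiveData<Boolean> isRefreshingCerts() {
        return this.isRefreshingCerts;
    }

    /**
     * Fetches the certificate list and, if its SHA-256 differs from the saved one, downloads the
     * listed certificates, recreates the Dagger component and saves the new hash and list size.
     *
     * <p>A call made while the refreshing flag reads true is ignored without invoking the callback.
     *
     * @param certificatesUpdated receives {@code updated()} after a successful download of a
     *     changed list, and {@code updateError()} on failure or when the list is unchanged
     */
    public final void refreshCerts(final CertificatesUpdated certificatesUpdated) {
        Intrinsics.checkParameterIsNotNull(certificatesUpdated, "certificatesUpdated");
        // NOTE(review): the flag is written with postValue(), so two calls made in quick
        // succession can both pass this check before the value becomes visible.
        if (Boolean.TRUE.equals(this.isRefreshingCerts.getValue())) {
            Log.d(PinningProviderKt.TAG, "certs is refreshing, ignore");
            return;
        }
        this.isRefreshingCerts.postValue(true);
        this.api.getCertsPath().observeOn(AndroidSchedulers.mainThread()).subscribeOn(Schedulers.io()).subscribe(new Consumer<ResponseBody>() {
            @Override
            public final void accept(ResponseBody responseBody) throws Exception {
                // Read the body once and give the parser and the hash their own view of the same
                // bytes. Calling byteStream() twice reads from one underlying source, so hashing
                // after parsing only covered what the parser left unread and the change check
                // could not detect a rotated list. Hashes saved by the old code will differ once,
                // which triggers a single re-download.
                final byte[] listBytes = responseBody.bytes();
                final List<String> certNames = new QiwiXMLParser().parse(new java.io.ByteArrayInputStream(listBytes));
                final String listSha256 = PinningProvider.this.calculateSHA256(new java.io.ByteArrayInputStream(listBytes));
                AppPrefs savedPrefs = App.INSTANCE.getPrefs();
                if (Intrinsics.areEqual(listSha256, savedPrefs != null ? savedPrefs.getLastSavedCertListSHA256() : null)) {
                    Log.d(PinningProviderKt.TAG, "certs is valid, not need for update");
                    PinningProvider.this.isRefreshingCerts().postValue(false);
                    // NOTE(review): "nothing changed" is reported through updateError().
                    certificatesUpdated.updateError();
                    return;
                }
                PinningProvider.this.downloadCerts(certNames, new PinningProvider.CertificatesUpdated() {
                    @Override
                    public void updateError() {
                        PinningProvider.this.isRefreshingCerts().postValue(false);
                        certificatesUpdated.updateError();
                    }

                    @Override
                    public void updated() {
                        PinningProvider.this.isRefreshingCerts().postValue(false);
                        App app = App.INSTANCE.getInstance();
                        if (app != null) {
                            app.recreateDaggerComponent();
                        }
                        certificatesUpdated.updated();
                        // The hash and size are saved only after a complete download, so an
                        // interrupted refresh is retried on the next call.
                        AppPrefs prefs = App.INSTANCE.getPrefs();
                        if (prefs != null) {
                            prefs.setLastSavedCertListSHA256(listSha256);
                        }
                        AppPrefs prefsForSize = App.INSTANCE.getPrefs();
                        if (prefsForSize != null) {
                            prefsForSize.setLastSavedCertListSize(certNames.size());
                        }
                    }
                });
            }
        }, new Consumer<Throwable>() {
            @Override
            public final void accept(Throwable th) {
                PinningProvider.this.isRefreshingCerts().postValue(false);
                certificatesUpdated.updateError();
                Log.e(PinningProviderKt.TAG, "refreshCerts", th);
            }
        });
    }
}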
